A former boss of mine had a habit of periodically and unexpectedly making provocative statements followed by a question of, “What do you think?” It was his way of generating a frank dialogue on a topic void of political correctness and corporate courtesies, and it worked.
In that same spirit, this post is intended to be provocative as you think about how the leadership of your company really views privacy. In discussing privacy with many different companies over the past several years, there are at least two distinct types: the players and the pretenders.
- truly recognize the value of privacy to the business;
- support privacy above and beyond compliance obligations and fears of enforcement;
- fund, as opposed to starve, their privacy functions and continuously seek to improve.
For example, a start-up company with the ability to legally exploit personal information it has for business gain resisted the temptation and held true to its “put people first” core value and did not risk compromising customer trust and loyalty.
- try to create the persona of being a player;
- say all the right things internally and externally, but their actions do not support the rhetoric, sometimes not even remotely;
- think everyone will only focus on their words and not their actions.
At a large organization, the general counsel opened a meeting with a convincing monologue about how the company is committed to privacy and “doing the right thing.” We then began discussing the Mass 201 requirements and where the company needed to make numerous fundamental improvements. After admitting the shortfalls, he focused on the relative lack of enforcement and uncertainty about the level of fines, and then and there, he decided the organization would do nothing on meeting the basic requirements until there was active enforcement.
As privacy professionals, we help players win and can help pretenders to be players—or at least stop pretending.
So, what do you think?